Ransomware Attack Against Critical Infrastructure
By Hubert Yoshida, posted 05-11-2021 19:19
Last week I posted a blog on ransomware and pointed out the cost of recovery and some of the Hitachi tools that can protect against ransomware. By Friday of that week the United States had suffered its worst cyberattack on its critical infrastructure through a ransomware attack on Colonial Pipeline, which delivers approximately 45 percent of the East Coast's petroleum products, including gasoline, diesel fuel, and jet fuel.
The DarkSide ransomware group was quickly identified as being responsible for the Colonial Pipeline attack. The gang held almost 100 gigabytes of stolen data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday. Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of their IT systems, which they are actively in the process of restoring.
Colonial has been publishing regular notices, which indicate that they hope to be back in operation by the end of this week.
"This weekend's events put the spotlight on the fact that our nation's critical infrastructure is largely owned and operated by private sector companies," said Elizabeth Sherwood-Randall, the White House domestic security adviser. "When those companies are attacked, they serve as the first line of defense and we depend on the effectiveness of their defenses."
"Our critical infrastructure sectors are the modern day battlefield and cyber space is the great equalizer. Hacker groups can essentially attack with little individual attribution and virtually no consequence. With over 85% of all infrastructure owned and operated by the private sector, significant investment and attention must be placed on hardening key critical systems," according to Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security.
In response to the attacks on Colonial Pipeline, the Biden administration issued a Regional Emergency Declaration 2021-002 this Sunday. The declaration provides a temporary exemption to the Federal Motor Carrier Safety Regulations, allowing alternate transportation of petroleum products via tanker truck to relieve shortages related to the attack. Although the move will ease shortages somewhat, the exemption wouldn't be anywhere near enough to replace the pipeline's missing capacity. "Unless they sort it out by Tuesday, they're in big trouble," said oil market analyst Gaurav Sharma, adding that "the first areas to hit would be Atlanta and Tennessee, then the domino effect goes up to New York."
This Wednesday President Biden will begin to sell his $2 trillion plan to rebuild infrastructure in the United States. This plan will need to include investment in rebuilding cyber security in the private and public sector. The oil pipeline attack should strengthen demands for cybersecurity standards for companies that play an important role in Americans' critical infrastructure. As it is, it is left up to the private companies to implement the security measures they use to protect systems that are critical to the national interest. Like many companies today, Colonial Pipeline has been on a digital transformation journey, which they describe on their website. However, this did not protect them from this cyber attack. It is not known how much of that digital transformation was focused on cyber security. It appears that security should take precedence over operational efficiency when it comes to critical infrastructure companies like Colonial Pipeline.
Details on how the hackers were able to gain access to Colonial's systems haven't been made public yet, but Bloomberg reports that the attack began on May 6, with nearly 100 gigabytes of data stolen before Colonial's computers were locked up. A ransom was demanded, both to stop the data from being leaked on the internet and to unlock the affected systems. 100 gigabytes is not a lot of data considering the petabytes of data that a company like this would have. If that data was encrypted, stealing it would not have been a big threat. However, the fact that any data was stolen, whether it was in a form that could be interpreted or not, meant that the system was compromised. Once compromised, the company had to shut systems down in order to determine the extent of the compromise. Even though this was an IT hack, they had to determine if there was also a compromise of the operational systems that controlled the physical assets, which could have exploded or caused other catastrophic destruction.
An organization carrying out a ransomware attack is looking for a vulnerability in order to insert their code. Many come in through a phishing attack, so users of the system must be trained and tested for their awareness to avoid these attacks. Many find entrance through some unpatched system in the infrastructure. Running the most up-to-date software is an obvious deterrent. However, it is a much harder process for a large company running something as complex as a petroleum pipeline to keep up with the latest updates. They are usually more concerned about the stability and reliability of their business operations and are reluctant to take outages for maintenance. The result is that many critical infrastructure businesses are built on top of software that is old and vulnerable by modern security standards.
More insidious is the supply chain attack, like SolarWinds, where a hack was inserted through an update to a third-party network management tool. Here the installation of the latest software update introduced the hack. (The hack was discovered when a second phone number was used for two-factor authentication.) Supply chain attacks are likely to occur in widely used software since it can affect more users. Supply chain hacks are increasing and measures must be taken to authenticate third-party code.
CSO Online published a blog on some ways to guard against supply chain attacks. A patch management system should require third-party risk testing or have some standards that vendors need to comply with. Avoid automating updates to sensitive code.
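The two controls just described, authenticating third-party code before it is installed and refusing to auto-apply updates to sensitive systems, can be combined into a single update gate. The following is an added example written for this post; it is not code from the blog, from CSO Online, or from any Hitachi or SolarWinds product. The manifest format, the component names, and the vendor key are all constructed, and HMAC-SHA256 stands in for the vendor's real signature scheme so that the example runs offline.

```python
"""Gate a third-party update before it touches a sensitive system (added example)."""
import hashlib
import hmac
import json

# Constructed vendor signing secret. A real vendor would publish a public key
# and sign with an asymmetric scheme; HMAC-SHA256 stands in so this runs offline.
VENDOR_KEY = b"constructed-vendor-key-not-a-real-secret"

# Hypothetical components where a bad update is catastrophic: never auto-apply.
SENSITIVE_COMPONENTS = {"scada-gateway", "pipeline-historian"}


def make_manifest(component: str, version: str, artifact: bytes) -> dict:
    """Vendor side: describe a release by name, version and artifact digest."""
    return {
        "component": component,
        "version": version,
        "sha256": hashlib.sha256(artifact).hexdigest(),
    }


def sign_manifest(manifest: dict, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: authenticate the manifest so its digest can be trusted."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_update(manifest: dict, signature: str, artifact: bytes,
                  key: bytes = VENDOR_KEY) -> dict:
    """Customer side: decide what to do with a downloaded update.

    Returns {"action": "reject" | "hold" | "install", "reason": ...}.
    Order matters: authenticity first, then integrity, then policy.
    """
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, signature):
        return {"action": "reject", "reason": "manifest signature does not verify"}
    digest = hashlib.sha256(artifact).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return {"action": "reject", "reason": "artifact digest does not match manifest"}
    if manifest["component"] in SENSITIVE_COMPONENTS:
        # A correctly signed release can still be malicious if the vendor's own
        # build pipeline was compromised, so sensitive targets get a human gate.
        return {"action": "hold", "reason": "sensitive component: manual review required"}
    return {"action": "install", "reason": "signature and digest verified"}


def demo_scenarios() -> dict:
    """Run four constructed update deliveries and return the decision for each."""
    good = b"monitoring-agent build 1.2.3 (constructed bytes)"
    tampered = good + b"\x00injected"
    agent = make_manifest("monitoring-agent", "1.2.3", good)
    agent_sig = sign_manifest(agent)

    gateway_bin = b"scada-gateway build 4.0.1 (constructed bytes)"
    gateway = make_manifest("scada-gateway", "4.0.1", gateway_bin)
    gateway_sig = sign_manifest(gateway)

    # A forged manifest that describes the tampered artifact correctly but is
    # signed with a key the customer does not trust.
    forged = make_manifest("monitoring-agent", "1.2.4", tampered)
    forged_sig = sign_manifest(forged, b"attacker-key")

    return {
        "clean_agent": verify_update(agent, agent_sig, good),
        "tampered_artifact": verify_update(agent, agent_sig, tampered),
        "forged_manifest": verify_update(forged, forged_sig, tampered),
        "sensitive_target": verify_update(gateway, gateway_sig, gateway_bin),
    }


if __name__ == "__main__":
    for name, decision in demo_scenarios().items():
        print(f"{name:18s} -> {decision['action']:8s} {decision['reason']}")
```

The "hold" branch is the point of the policy in the post: a signed, digest-matching update is exactly what a compromised vendor build pipeline produces, so for components that control physical assets the gate stops at verification and hands the decision to a person instead of installing automatically.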
A supply chain attack may have already inserted sleeper code which may be waiting for the right moment to be activated. This gives you time to encrypt your critical data and protect against ransomware attacks with our advanced technologies that are built into block and object storage systems and that can protect backup data from being modified or deleted. When an attack happens, recover your data and don't pay the ransom.
#Hu'sPlace
#Blog